CVE-2010-0442

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
Severity: UNKNOWN
AV:N/AC:L/Au:S/C:P/I:P/A:P
Atk. Vector: NETWORK
Atk. Complexity: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Vendor      Product     Version
postgresql  postgresql  7.4 ≤ 𝑥 < 7.4.28
postgresql  postgresql  8.0 ≤ 𝑥 < 8.0.24
postgresql  postgresql  8.1 ≤ 𝑥 < 8.1.20
postgresql  postgresql  8.2 ≤ 𝑥 < 8.2.16
postgresql  postgresql  8.3 ≤ 𝑥 < 8.3.10
postgresql  postgresql  8.4 ≤ 𝑥 < 8.4.3
𝑥 = Vulnerable software versions
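Ubuntu Releases

Ubuntu Product  Codename  Status
postgresql-7.4  oneiric   dne
postgresql-7.4  natty     dne
postgresql-7.4  maverick  dne
postgresql-7.4  lucid     dne
postgresql-7.4  karmic    dne
postgresql-7.4  jaunty    dne
postgresql-7.4  intrepid  dne
postgresql-7.4  hardy     dne
postgresql-7.4  dapper    ignored
postgresql-8.0  oneiric   dne
postgresql-8.0  natty     dne
postgresql-8.0  maverick  dne
postgresql-8.0  lucid     dne
postgresql-8.0  karmic    dne
postgresql-8.0  jaunty    dne
postgresql-8.0  intrepid  dne
postgresql-8.0  hardy     dne
postgresql-8.0  dapper    ignored
postgresql-8.1  oneiric   dne
postgresql-8.1  natty     dne
postgresql-8.1  maverick  dne
postgresql-8.1  lucid     dne
postgresql-8.1  karmic    dne
postgresql-8.1  jaunty    dne
postgresql-8.1  intrepid  dne
postgresql-8.1  hardy     dne
postgresql-8.1  dapper    Fixed 8.1.20-0ubuntu0.6.06 (released)
postgresql-8.2  oneiric   dne
postgresql-8.2  natty     dne
postgresql-8.2  maverick  dne
postgresql-8.2  lucid     dne
postgresql-8.2  karmic    dne
postgresql-8.2  jaunty    dne
postgresql-8.2  intrepid  dne
postgresql-8.2  hardy     ignored
postgresql-8.2  dapper    dne
postgresql-8.3  oneiric   dne
postgresql-8.3  natty     dne
postgresql-8.3  maverick  dne
postgresql-8.3  lucid     dne
postgresql-8.3  karmic    ignored
postgresql-8.3  jaunty    Fixed 8.3.10-0ubuntu9.04 (released)
postgresql-8.3  intrepid  ignored
postgresql-8.3  hardy     Fixed 8.3.10-0ubuntu8.04 (released)
postgresql-8.3  dapper    dne
postgresql-8.4  oneiric   Fixed 8.4.3-1 (released)
postgresql-8.4  natty     Fixed 8.4.3-1 (released)
postgresql-8.4  maverick  Fixed 8.4.3-1 (released)
postgresql-8.4  lucid     Fixed 8.4.3-1 (released)
postgresql-8.4  karmic    Fixed 8.4.3-0ubuntu9.10 (released)
postgresql-8.4  jaunty    dne
postgresql-8.4  intrepid  dne
postgresql-8.4  hardy     dne
postgresql-8.4  dapper    dne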
Common Weakness Enumeration
References